SAP Slapping – labs.mwrinfosecurity.com
Dave Hartley recently delivered his “SAP Slapping” presentation at the CRESTCon and BSides London security conferences. The talk provides a high-level overview of common SAP system vulnerabilities and misconfigurations.

Exploiting Windows 2008 – esec-pentest.sogeti.com
Internal network pentesting involving domain controllers requires a few steps in order to gain domain administrator access. One of them usually involves gaining local administrator access to a workstation.

Android Emulator, Trusted CA, and Persistent Storage – carnal0wnage.attackresearch.com
Android periodically updates its SDK, and sometimes when this happens, old methods for importing a Trusted CA, necessary to proxy SSL traffic, will fail and you must find a new solution.

Update – Android & SSL Cert – carnal0wnage.attackresearch.com
Thanks to the comments left by Zach from our last Android post here, it has been brought to my attention there is an easier way to do all of this with the latest AVD (4.0.3).

MS12-029 – Critical : Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352) – technet.microsoft.com
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Bulletin Management Process and the May 2012 Bulletins – blogs.technet.com
Have you ever wondered why bulletins group particular issues together? Or one set of products and not another? Well, today Jonathan Ness has posted an insightful Security Research & Defense (SRD) blog discussing some of the nuances and packaging decisions that went into MS12-034.

Thousands of Twitter passwords exposed – news.cnet.com
It’s unclear who’s responsible for posting passwords for Twitter accounts to a public Web site. The exact number of accounts is also unclear, as Twitter says many are duplicates and many had already been suspended.
